Society is bombarded with malicious cybercrime. Personal and corporate data theft as well as data alteration plague our reliance on computer technology. The US Security and Intelligent Documents Business Unit reported an estimated 13.3 people become victims of document and identity fraud every 60 seconds with almost seven million victims per year. Botnets and hackers compromise networks to steal data. Cybercrime is difficult to track. A computer criminal can use open cyber cafe computers, moving from server to server, changing internet providers, use false information to register, and can steal service from unsecured wireless access points.
Once networks are penetrated, security means to protect data such as encryption, security protocols, data access, and authentication schemes are not enough. It is widely accepted that disk encryption protects sensitive data when misappropriated. However, researchers at Princeton University demonstrated that even when encrypted, the data can easily be read without physical access to the computer.
Combating cybercrime and cyber terrorism is of daunting concern among federal officials who ask “when our networks are attacked and rendered useless, how do we regain access to our data?” The Pentagon alone logged 1,300 successful intrusions in 2005. Chinese hackers penetrated US State Department computers of which hundreds had to be replaced or taken offline for months.
Company computer systems are protected by multiple layers of security including data encryption, Digital Rights Management (DRM), and Enterprise Rights Management (ERM). These server-centric solutions require access management infrastructure such as enterprise or licensing server communication to authorize data access. However, employee misconduct and unintentional actions like errors and omissions are the greatest cause of data security breaches. Criminal activity can and does occur inside corporations and agencies where the perpetrator (e.g., an employee) has ready access beyond the security measures in place. Recent high-profile laptop thefts by insiders include a Veterans Administration computer containing information on 26 million veterans, and a University of California-Berkeley laptop with more than 98,000 graduate students' data.
In addition, emergency incidences that require first responders and other government agencies to resolve an incident at the national level as defined in the US Department of Homeland Security Nation Incident Management System (NIMS) may require classified data usage. Concerns in supporting NIMS include the loss of control of classified data instantiations that were shared during the incident.
Intelligent documents are interactive electronic documents that usually require web or network server access. Network reliance makes these solutions vulnerable to security breaches. Even if the user is authorized to access the data, upon opening the data or document, the computer environment in which it resides may not be secure. This scheme still relies on the network security and third party software such as virus protectors, spyware, and firewall protection. Hackers could breach the network, third party solutions may not detect the latest cyber threat or the user may not have the latest security update.
It is very desirable to provide users with the capability of limiting their exposure to cybercrime, data breaches, and protect data where even if the perpetrator is successful in overcoming network security barriers and obtains an instantiation of the data, it will be of no avail. Instead of relying on outside resources in application server-centric architectures, the data itself needs to be intelligent and autonomous. The data itself needs to evaluate its situation and employ cognition to advance to new degree of security and capabilities. Data needs to evaluate and configure its environment before it opens, analyze behavior, perform data-to-data relationship analysis, and take necessary measures for self-protection, self-destruction, and in certain circumstances, report back to its creator. If the data itself knows who it is, where it is, and how it should interact, it can configure and monitor its computer environment to support its own needs. There exists a strong need for data that possesses cognition and this level of security. Data that can “think for itself” and reason based on its situation could greatly advance data security and become a major roadblock for cybercrime and cyberterrorism.